﻿namespace Cos.Core.Service
{
    using System;
    using System.Security.Permissions;
    using System.Web;
    using System.Web.Security;

    public class SessionService : ISessionService
    {
        [PrincipalPermission(SecurityAction.PermitOnly, Authenticated = false)]
        public bool SignIn(string username, string password)
        {
            FormsAuthentication.SetAuthCookie(username, false);
            HttpContext.Current.Session["Username"] = username;
            return true;
        }

        [PrincipalPermission(SecurityAction.PermitOnly, Authenticated = true)]
        public bool SignOut()
        {
            if (!this.Authenticated)
            {
                return false;
            }

            // TODO
            HttpContext.Current.Session["Username"] = null;
            return true;
        }

        public bool Authenticated
        {
            get { return HttpContext.Current.Session["Username"] != null; }
        }
    }
}
